<?php
	session_start();
	error_reporting (E_ALL ^ E_NOTICE);
	$username = $_POST['username'];
	$password = $_POST['password'];
	$username = htmlspecialchars($username);
	$password = htmlspecialchars($password);
	$hostname_conn = "127.0.0.1"; 
	$database_conn = "onestoptravelsgdb";
	$username_conn = "admin";
	$password_conn = "1stoptravel";
	$db_handle = mysql_connect($hostname_conn, $username_conn, $password_conn);
	if (!db_handle) {
		$msg = "<h2>An error has occurred.</h2><br/><p>System error: Database connection error</p>";
	} else {
		$db_found = mysql_select_db($database_conn, $db_handle);
		if ($db_found) {
			$username = mysql_real_escape_string($username);
			$password = mysql_real_escape_string($password);
			$SQL = "SELECT * FROM users WHERE username='" . $username . "' AND password='" . $password . "';";
			$result = mysql_query($SQL);
			if ($result) {
				if (mysql_num_rows($result) == 1) {
					setcookie ("onestoptravelsg", "", time() + 604800);
					$_SESSION['login'] = "1";
					$row = mysql_fetch_array($result);
					$_SESSION['user'] = $row['username'];
					$_SESSION['name'] = $row['firstname'];
					mysql_close($db_handle);
					$msg = "okay";
				}
				else {
					$_SESSION['login'] = "";
					$_SESSION['user'] = "";
					$_SESSION['name'] = "";
					$msg = "<h2>An error has occurred.</h2><br/><p>Login error: Incorrect username or password</p>";
				}
			}
			else {
				$msg = "<h2>An error has occurred.</h2><br/><p>Login error: Incorrect username or password</p>";
			}
		}
		else {
			$msg = "<h2>An error has occurred.</h2><br/><p>System error: Database not found error</p>";
		}
	}
	mysql_close($db_handle);
	echo $msg;
?>